<!DOCTYPE html>
<html lang="en">

<!-- Head tag -->
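<head>
    <!-- charset first so the encoding is settled before any text-bearing tag is parsed -->
    <meta charset="utf-8">
    <meta name="generator" content="Hexo 3.9.0">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="google-site-verification" content="xBT4GhYoi5qRD5tr338pgPM5OWHHIDR6mNg1a3euekI">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <!-- Both are emitted empty by the theme. "keywords" is the recognised meta name; the
         former "keyword" was silently ignored. -->
    <meta name="description" content="">
    <meta name="keywords" content="">
    <link rel="shortcut icon" href="/myblog/img/favicon.ico">

    <title>HTTPS介绍 - Ethan的博客 | Ethan&#39;s Blog</title>

    <!-- NOTE(review): plain http and a doubled /myblog/myblog/ path segment, whereas the
         Disqus identifier further down the page uses a single /myblog/ — confirm which URL
         is actually live before search engines treat this one as canonical. -->
    <link rel="canonical" href="http://reflectyi.gitee.io/myblog/myblog/2016/11/01/http/确保web安全的HTTPS/">

    <!-- Bootstrap Core CSS -->
    <link rel="stylesheet" href="/myblog/css/bootstrap.min.css">

    <!-- Custom CSS -->
    <link rel="stylesheet" href="/myblog/css/hux-blog.min.css">

    <!-- Pygments Highlight CSS -->
    <link rel="stylesheet" href="/myblog/css/highlight.css">

    <!-- Custom Fonts -->
    <!-- <link href="https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css" rel="stylesheet" type="text/css"> -->
    <!-- Hux change font-awesome CDN to qiniu -->
    <!-- Third-party stylesheet loaded with no integrity attribute: the page renders whatever
         that CDN serves. A Subresource Integrity hash (computed from the exact file you
         deploy against) plus crossorigin="anonymous" would pin it; self-hosting it under
         /myblog/css/ like the other stylesheets removes the external dependency entirely. -->
    <link rel="stylesheet" href="https://cdn.staticfile.org/font-awesome/4.5.0/css/font-awesome.min.css">


    <!-- Hux Delete, sad but pending in China
    <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
    <link href='http://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800' rel='stylesheet' type='text/
    css'>
    -->


    <!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries -->
    <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
    <!--[if lt IE 9]>
        <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
        <script src="https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js"></script>
    <![endif]-->

    <!-- ga & ba script hook (left empty by the theme; analytics snippets are injected near the end of body) -->
    <script></script>
</head>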


<!-- hack iOS CSS :active style -->
<body ontouchstart="">

    <!-- Navigation -->
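<nav class="navbar navbar-default navbar-custom navbar-fixed-top" aria-label="Primary">
    <div class="container-fluid">
        <!-- Brand and toggle get grouped for better mobile display -->
        <div class="navbar-header page-scroll">
            <!-- aria-controls ties the button to the panel it opens; the inline navbar script
                 further down is what actually toggles #huxblog_navbar. -->
            <button type="button" class="navbar-toggle" aria-controls="huxblog_navbar">
                <span class="sr-only">Toggle navigation</span>
                <!-- the three bars are purely decorative; the sr-only text is the accessible name -->
                <span class="icon-bar" aria-hidden="true"></span>
                <span class="icon-bar" aria-hidden="true"></span>
                <span class="icon-bar" aria-hidden="true"></span>
            </button>
            <a class="navbar-brand" href="/myblog/">Hi,Ethan</a>
        </div>

        <!-- Collect the nav links, forms, and other content for toggling -->
        <!-- Known Issue, found by Hux:
            <nav>'s height woule be hold on by its content.
            so, when navbar scale out, the <nav> will cover tags.
            also mask any touch event of tags, unfortunately.
        -->
        <div id="huxblog_navbar">
            <div class="navbar-collapse">
                <ul class="nav navbar-nav navbar-right">
                    <li>
                        <a href="/myblog/">首页</a>
                    </li>
                    <li>
                        <a href="/myblog/about/">目录</a>
                    </li>
                    <li>
                        <a href="/myblog/archives/">时间轴</a>
                    </li>
                    <li>
                        <a href="/myblog/tags/">标签</a>
                    </li>
                </ul>
            </div>
        </div>
        <!-- /.navbar-collapse -->
    </div>
    <!-- /.container -->
</nav>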
<script>
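    // Drop Bootstrap's low-performance Navbar collapse in favour of a small
    // custom toggle: the "in" class on #huxblog_navbar marks the open state and
    // the theme CSS animates the height of .navbar-collapse.
    // $body is kept even though this script does not use it: it is a page-level
    // global that other theme scripts may read.
    var $body   = document.body;
    var $toggle = document.querySelector('.navbar-toggle');
    var $navbar = document.querySelector('#huxblog_navbar');
    var $collapse = document.querySelector('.navbar-collapse');
    // how long the CSS close transition is given before the height is forced to 0
    var NAV_ANIMATION_MS = 400;

    // Expose the open/closed state to assistive technology; the original only
    // flipped a class, so screen readers never learned whether the menu was open.
    $toggle.setAttribute('aria-expanded', 'false');
    $toggle.addEventListener('click', handleMagic);

    /**
     * Open or close the collapsed navbar.
     * Uses classList.contains('in') instead of className.indexOf('in'), which
     * also matched any class merely containing "in" (e.g. "inline").
     * @param {MouseEvent} e click event (unused)
     */
    function handleMagic(e) {
        if ($navbar.classList.contains('in')) {
            // CLOSE: drop the marker now, collapse the height once the animation
            // has had time to finish, unless the menu was reopened meanwhile.
            $navbar.classList.remove('in');
            $toggle.setAttribute('aria-expanded', 'false');
            setTimeout(function () {
                if (!$navbar.classList.contains('in')) {
                    $collapse.style.height = '0px';
                }
            }, NAV_ANIMATION_MS);
        } else {
            // OPEN
            $collapse.style.height = 'auto';
            $navbar.classList.add('in');
            $toggle.setAttribute('aria-expanded', 'true');
        }
    }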
</script>


    <!-- Main Content -->
    
<!-- Image to hack wechat -->
<!-- <img src="http://reflectyi.gitee.io/myblog/myblog/img/icon_wechat.png" width="0" height="0"> -->
<!-- <img src="{{ site.baseurl }}/{% if page.header-img %}{{ page.header-img }}{% else %}{{ site.header-img }}{% endif %}" width="0" height="0"> -->

<!-- Post Header -->
<style type="text/css">
    header.intro-header{
        background-image: url('/myblog/img/home-bg.jpg')
    }
</style>
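<header class="intro-header">
    <div class="container">
        <div class="row">
            <div class="col-lg-8 col-lg-offset-2 col-md-10 col-md-offset-1">
                <div class="post-heading">
                    <div class="tags">
                        <a class="tag" href="/myblog/tags/#HTTP" title="HTTP">HTTP</a>
                    </div>
                    <h1>HTTPS介绍</h1>
                    <h2 class="subheading">HTTP的缺点和HTTPS的介绍</h2>
                    <span class="meta">
                        Posted by Ethan on
                        <!-- machine-readable publication date for crawlers and assistive technology -->
                        <time datetime="2016-11-01">2016-11-01</time>
                    </span>
                </div>
            </div>
        </div>
    </div>
</header>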

<!-- Post Content -->
<article>
    <div class="container">
        <div class="row">

    <!-- Post Container -->
            <div class="
                col-lg-8 col-lg-offset-2
                col-md-10 col-md-offset-1
                post-container">

                <h3 id="一、HTTP的缺点"><a href="#一、HTTP的缺点" class="headerlink" title="一、HTTP的缺点"></a>一、HTTP的缺点</h3><ul>
<li>概述<ul>
<li>通信使用明文，内容可能被窃听</li>
<li>不验证通信方的身份，可能遭遇伪装</li>
<li>无法验证报文的完整性，可能已遭篡改</li>
</ul>
</li>
<li>1、通信使用明文可能被窃听<ul>
<li>概述：HTTP本身不具备加密的功能，所以也无法做到对通信整体(HTTP通信的请求和响应内容)进行加密。即HTTP使用明文传输</li>
<li><code>TCP/IP</code>是可能被窃听的网络。按照<code>TCP/IP</code>协议族的工作机制，通信内容在所有的通信线路上都有可能遭到窥视<ul>
<li>经过加密处理的通信，也会被窥视到通信内容。只是内容被加密让人无法破解，但是还是会被窥视到内容 </li>
</ul>
</li>
<li>加密处理防止被监听<ul>
<li>通信的加密：可以和SSL或TLS组合使用，加密通信内容。SSL建立安全线路以后，在这条线路上进行HTTP通信</li>
<li>内容的加密：要求客户端和服务器同时具有加密和解密的机制。但内容仍然有被篡改的风险</li>
</ul>
</li>
</ul>
</li>
<li>2、不验证通信方的身份可能遭遇伪装<ul>
<li>概述：HTTP协议中的请求和响应不会对通信方的身份进行确认。</li>
<li>任何人都可以发起请求，存在隐患：<ul>
<li>无法确定请求发送至目标的web服务器是否按真实意图返回响应的那台服务器，有可能是已伪装的web服务器</li>
<li>无法确定响应返回到的客户端是否是按照真实意图接收响应的那个客户端。有可能是已伪装的客户端</li>
<li>无法确定正在通信的对方是否具备访问的权限，因为某些web服务器上保存着重要的信息，只想发给特定的用户</li>
<li>无法判定请求来自哪里</li>
<li>接收大量无意义请求，无法阻止海量DoS攻击</li>
</ul>
</li>
<li>查明对手的证书<ul>
<li>SSL不仅提供了加密，还提供了证书。证书由值得信赖的第三方提供，用于证明服务器和客户端是实际存在的。</li>
</ul>
</li>
</ul>
</li>
<li>3、无法证明报文完整性，可能被篡改<ul>
<li>概述：完整性是指信息的准确度。若无法证明完整性，通常意味着无法判定信息的准确性。</li>
<li>接收到的信息可能有误</li>
<li>如何防止被篡改<ul>
<li>MD5和SHA-1等散列值校验的方法，以及用来确认文件的数字签名方法。但是需要用户手动验证</li>
</ul>
</li>
</ul>
</li>
</ul>
<h3 id="二、HTTPS"><a href="#二、HTTPS" class="headerlink" title="二、HTTPS"></a>二、HTTPS</h3><ul>
<li>1、HTTP加上加密处理和认证以及完整性保护以后即是HTTPS</li>
<li>2、HTTPS 是身披 SSL 外壳的 HTTP<ul>
<li>通常HTTP直接和TCP通信，使用SSL时，则演变成HTTP先和SSL通信，然后SSL再和TCP通信</li>
</ul>
</li>
<li>3、相互交换密钥的公开密钥加密技术<ul>
<li>SSL采用公开密钥加密技术。加密算法公开，密钥保密</li>
<li>共享密钥加密的困境：<ul>
<li>对称密钥加密：加密和解密同用一个密钥的方式 。密钥移交和密钥保管都会有难度</li>
<li>非对称密钥加密：使用两把密钥的公开密钥加密，私有密钥不能让其他任何人知道， 而公开密钥则可以随意发布， 任何人都可以获得。</li>
</ul>
</li>
</ul>
</li>
<li>4、HTTPS 采用混合加密机制<ul>
<li>概述： HTTPS使用的是共享密钥加密和公开密钥加密并用的混合加密方式。<ul>
<li>如果密钥能安全交换就可能考虑采用公开密钥加密，但是速度慢</li>
<li>在交换密钥环节使用公开密钥加密，之后建立通信交换报文阶段则使用共享密钥加密方式</li>
</ul>
</li>
</ul>
</li>
<li>5、证明公开密钥正确性的证书<ul>
<li>公开密钥加密方式，不能证明公开密钥本身就是货真价实的公开密钥。</li>
<li>可以使用由数字证书机构颁发的公开密钥证书。</li>
</ul>
</li>
<li><p>6、HTTPS的安全通信机制</p>
<ul>
<li><code>SSL</code> 和 <code>TLS</code><ul>
<li>HTTPS 使用 <code>SSL（Secure Sockets Layer）</code> 和<code>TLS（Transport Layer Security）</code> 这两个协议</li>
</ul>
</li>
<li><code>SSL</code>慢，相比于HTTP慢2到100倍<ul>
<li>通信慢</li>
<li>处理速度慢：消耗大量的CPU和内存等资源 </li>
</ul>
</li>
<li>为什么不一直使用 HTTPS<ul>
<li>加密通信会消耗更多的CPU及内存资源 </li>
<li>使用的证书必须向认证机构（CA）购买</li>
</ul>
</li>
</ul>
</li>
<li><p>7、HTTPS通信流程</p>
<ul>
<li>步骤 1： 客户端通过发送 Client Hello 报文开始SSL通信。报文中包含客户端支持的SSL的指定版本、 加密组件（Cipher Suite）列表（所使用的加密算法及密钥长度等）</li>
<li>步骤 2： 服务器可进行SSL通信时，会以 Server Hello 报文作为应答。和客户端一样，在报文中包含 SSL版本以及加密组件。服务器的加密组件内容是从接收到的客户端加密组件内筛选出来的。</li>
<li>步骤 3： 之后服务器发送 Certificate 报文。报文中包含公开密钥证书。</li>
<li>步骤 4： 最后服务器发送 Server Hello Done 报文通知客户端， 最初阶段的 SSL握手协商部分结束。</li>
<li>步骤 5： SSL第一次握手结束之后，客户端以 Client Key Exchange 报文作为回应。 报文中包含通信加密中使用的一种被称为 Pre-master secret 的随机密码串。该报文已用步骤 3 中的公开密钥进行加密。</li>
<li>步骤 6： 接着客户端继续发送 Change Cipher Spec 报文。该报文会提示服务器，在此报文之后的通信会采用 Pre-master secret 密钥加密。</li>
<li>步骤 7： 客户端发送 Finished 报文。该报文包含连接至今全部报文的整体校验值。这次握手协商是否能够成功，要以服务器是否能够正确解密该报文作为判定标准。</li>
<li>步骤 8： 服务器同样发送 Change Cipher Spec 报文。</li>
<li>步骤 9： 服务器同样发送 Finished 报文。</li>
<li>步骤 10： 服务器和客户端的 Finished 报文交换完毕之后，SSL连接就算建立完成。当然，通信会受到 SSL的保护。从此处开始进行应用层协议的通信，即发送 HTTP 请求。</li>
<li>步骤 11： 应用层协议通信， 即发送 HTTP 响应。</li>
<li>步骤 12： 最后由客户端断开连接。断开连接时，发送 close_notify 报文。上图做了一些省略，这步之后再发送 TCP FIN 报文来关闭与TCP的通信</li>
</ul>
</li>
</ul>


                <hr>

                

                <ul class="pager">
                    
                        <li class="previous">
                            <a href="/myblog/2016/11/01/http/HTTP首部字段详解/" data-toggle="tooltip" data-placement="top" title="HTTP首部字段详解">&larr; Previous Post</a>
                        </li>
                    
                    
                        <li class="next">
                            <a href="/myblog/2016/10/01/jvm/jvm执行/class文件结构/" data-toggle="tooltip" data-placement="top" title="class文件结构">Next Post &rarr;</a>
                        </li>
                    
                </ul>

                

                
                <!-- disqus 评论框 start -->
                <div class="comment">
                    <div id="disqus_thread" class="disqus-thread"></div>
                </div>
                <!-- disqus 评论框 end -->
                

            </div>
    <!-- Side Catalog Container -->
        
            <div class="
                col-lg-2 col-lg-offset-0
                visible-lg-block
                sidebar-container
                catalog-container">
                <div class="side-catalog">
                    <hr class="hidden-sm hidden-xs">
                    <h5>
                        <a class="catalog-toggle" href="#">CATALOG</a>
                    </h5>
                    <ul class="catalog-body"></ul>
                </div>
            </div>
        

    <!-- Sidebar Container -->

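            <div class="
                col-lg-8 col-lg-offset-2
                col-md-10 col-md-offset-1
                sidebar-container">

                <!-- Featured Tags -->
                <section>
                    <!-- no hr -->
                    <h5><a href="/myblog/tags/">FEATURED TAGS</a></h5>
                    <div class="tags">
                        <a class="tag" href="/myblog/tags/#HTTP" title="HTTP">HTTP</a>
                    </div>
                </section>

                <!-- Friends Blog -->
                <hr>
                <h5>FRIENDS</h5>
                <!-- Links opened in a new tab carry rel="noopener noreferrer" so the destination
                     page cannot script window.opener and receives no Referer. The last four
                     entries are the theme's sample placeholders (href="#"): they open a blank
                     copy of this page in a new tab and should be replaced or removed in the
                     theme configuration. -->
                <ul class="list-inline">
                    <li><a href="http://blog.kaijun.rocks" target="_blank" rel="noopener noreferrer">Kaijun&#39;s Blog</a></li>
                    <li><a href="http://huangxuan.me" target="_blank" rel="noopener noreferrer">Hux Blog</a></li>
                    <li><a href="#" target="_blank" rel="noopener noreferrer">Foo</a></li>
                    <li><a href="#" target="_blank" rel="noopener noreferrer">Bar</a></li>
                    <li><a href="#" target="_blank" rel="noopener noreferrer">Example Friends</a></li>
                    <li><a href="#" target="_blank" rel="noopener noreferrer">It helps SEO</a></li>
                </ul>
            </div>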

        </div>
    </div>
</article>




<!-- disqus 公共JS代码 start (一个网页只需插入一次) -->
<script type="text/javascript">
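    /* * * CONFIGURATION VARIABLES * * */
    // NOTE(review): "hexo-theme-huxblog" reads like the theme's default forum
    // shortname rather than this site's own Disqus forum — if so, comments are
    // being posted to (and moderated by) someone else's account. Confirm.
    var disqus_shortname = "hexo-theme-huxblog";
    // NOTE(review): identifier/url are plain http with a single /myblog/ segment
    // while the canonical <link> in <head> uses /myblog/myblog/. Disqus keys the
    // thread on these values, so they must stay stable or comments split.
    var disqus_identifier = "http://reflectyi.gitee.io/myblog/2016/11/01/http/确保web安全的HTTPS/";
    var disqus_url = "http://reflectyi.gitee.io/myblog/2016/11/01/http/确保web安全的HTTPS/";

    // Inject the Disqus embed asynchronously. The embed URL is explicit https
    // rather than protocol-relative so it never degrades to plaintext when the
    // page itself is served over http.
    (function () {
        var embed = document.createElement('script');
        embed.type = 'text/javascript';
        embed.async = true;
        embed.src = 'https://' + disqus_shortname + '.disqus.com/embed.js';
        (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(embed);
    })();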
</script>
<!-- disqus 公共JS代码 end -->




<!-- async load function -->
<script>
    /**
     * Load a script by URL without blocking parsing: a new <script> element is
     * inserted just before the first existing one on the page.
     * There is no error path — if the download fails, c is never invoked.
     * @param {string} u script URL
     * @param {function} [c] node-style callback, called as c(null, loadEvent) once the script has loaded
     */
    function async(u, c) {
        var doc = document;
        var tag = 'script';
        var loader = doc.createElement(tag);
        var firstScript = doc.getElementsByTagName(tag)[0];
        loader.src = u;
        if (c) {
            loader.addEventListener('load', function (evt) {
                c(null, evt);
            }, false);
        }
        firstScript.parentNode.insertBefore(loader, firstScript);
    }
</script>
<!-- anchor-js, Doc:http://bryanbraun.github.io/anchorjs/ -->
<script>
    // Once anchor.js has arrived, give every heading a visible "#" permalink,
    // then strip it again from the post title, subtitle and sidebar headings.
    // The library comes from a third-party CDN and async() offers no way to pass
    // an integrity hash, so the page trusts that origin for this script.
    async("https://cdn.bootcss.com/anchor-js/1.1.1/anchor.min.js", function () {
        var opts = { visible: 'always', placement: 'right', icon: '#' };
        anchors.options = opts;
        anchors
            .add()
            .remove('.intro-header h1')
            .remove('.subheading')
            .remove('.sidebar-container h5');
    });
</script>
<style>
    /* place left on bigger screen */
    @media all and (min-width: 800px) {
        .anchorjs-link{
            position: absolute;
            left: -0.75em;
            font-size: 1.1em;
            margin-top : -0.1em;
        }
    }
</style>



    <!-- Footer -->
    <!-- Footer -->
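<footer>
    <div class="container">
        <div class="row">
            <div class="col-lg-8 col-lg-offset-2 col-md-10 col-md-offset-1">
                <!-- Icon-only social links: aria-label gives each an accessible name, the Font
                     Awesome glyphs are decorative, and new-tab links carry
                     rel="noopener noreferrer" so the destination cannot script window.opener. -->
                <ul class="list-inline text-center">
                    <li>
                        <a target="_blank" rel="noopener noreferrer" href="https://www.facebook.com/stateInstance" aria-label="Facebook (opens in a new tab)">
                            <span class="fa-stack fa-lg" aria-hidden="true">
                                <i class="fa fa-circle fa-stack-2x"></i>
                                <i class="fa fa-facebook fa-stack-1x fa-inverse"></i>
                            </span>
                        </a>
                    </li>
                    <li>
                        <a target="_blank" rel="noopener noreferrer" href="https://github.com/stateInstance" aria-label="GitHub (opens in a new tab)">
                            <span class="fa-stack fa-lg" aria-hidden="true">
                                <i class="fa fa-circle fa-stack-2x"></i>
                                <i class="fa fa-github fa-stack-1x fa-inverse"></i>
                            </span>
                        </a>
                    </li>
                </ul>
                <p class="copyright text-muted">
                    Copyright &copy; Hi,Ethan 2019
                    <br>
                    Theme by <a href="http://huangxuan.me">Hux</a>
                    <span style="display: inline-block; margin: 0 5px;">
                        <i class="fa fa-heart" aria-hidden="true"></i>
                    </span>
                    Ported by <a href="http://blog.kaijun.rocks">Kaijun</a> |
                    <!-- Third-party embed: title names it for assistive technology, width/height
                         are plain pixel counts (the "px" suffix is not valid in these attributes),
                         loading="lazy" defers the fetch until the footer is near the viewport, and
                         no Referer is sent to the embed host. A sandbox attribute would further
                         confine it; verify the tokens the button needs before adding one. -->
                    <iframe
                        title="GitHub star button for kaijun/hexo-theme-huxblog"
                        style="margin-left: 2px; margin-bottom:-5px;"
                        frameborder="0" scrolling="0" width="91" height="20"
                        loading="lazy" referrerpolicy="no-referrer"
                        src="https://ghbtns.com/github-btn.html?user=kaijun&repo=hexo-theme-huxblog&type=star&count=true">
                    </iframe>
                </p>
            </div>
        </div>
    </div>
</footer>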

<!-- jQuery -->
<script src="/myblog/js/jquery.min.js"></script>

<!-- Bootstrap Core JavaScript -->
<script src="/myblog/js/bootstrap.min.js"></script>

<!-- Custom Theme JavaScript -->
<script src="/myblog/js/hux-blog.min.js"></script>


<!-- async load function -->
<script>
    // Second copy of async(): the identical helper is already defined earlier in
    // this page (just before the anchor-js loader), so this redefinition is
    // redundant and one of the two theme partials should drop it.
    // Inserts a new <script src=u> before the first script on the page and, when
    // given, invokes c(null, loadEvent) after it has loaded; a failed download
    // never reaches c.
    function async(u, c) {
        var d = document, t = 'script',
            s = d.getElementsByTagName(t)[0],
            o = d.createElement(t);
        o.src = u;
        if (c) {
            o.addEventListener('load', function (evt) { c(null, evt); }, false);
        }
        s.parentNode.insertBefore(o, s);
    }
</script>

<!-- 
     Because of the native support for backtick-style fenced code blocks 
     right within the Markdown is landed in Github Pages, 
     From V1.6, There is no need for Highlight.js, 
     so Huxblog drops it officially.

     - https://github.com/blog/2100-github-pages-now-faster-and-simpler-with-jekyll-3-0  
     - https://help.github.com/articles/creating-and-highlighting-code-blocks/    
-->
<!--
    <script>
        async("http://cdn.bootcss.com/highlight.js/8.6/highlight.min.js", function(){
            hljs.initHighlightingOnLoad();
        })
    </script>
    <link href="http://cdn.bootcss.com/highlight.js/8.6/styles/github.min.css" rel="stylesheet">
-->


<!-- jquery.tagcloud.js -->
<script>
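    // only load tagcloud.js in tag.html, where #tag_cloud exists
    if ($('#tag_cloud').length !== 0) {
        // Root-relative path, like the other theme scripts under /myblog/js/.
        // The previous absolute URL (http://reflectyi.gitee.io/myblog/myblog/js/...)
        // would be blocked as active mixed content whenever the page is served
        // over https, and carried a doubled /myblog/ segment that the other
        // asset URLs on this page do not. Confirm the file is deployed alongside
        // jquery.nav.js and the other theme scripts.
        async("/myblog/js/jquery.tagcloud.js", function () {
            $.fn.tagcloud.defaults = {
                //size: {start: 1, end: 1, unit: 'em'},
                color: {start: '#bbbbee', end: '#0085a1'}
            };
            $('#tag_cloud a').tagcloud();
        });
    }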
</script>

<!--fastClick.js -->
<script>
    // Attach FastClick to the navbar once the library has loaded; nothing to do
    // when the page has no <nav>.
    async("https://cdn.bootcss.com/fastclick/1.0.6/fastclick.min.js", function () {
        var navbar = document.querySelector("nav");
        if (!navbar) {
            return;
        }
        FastClick.attach(navbar);
    });
</script>


<!-- Google Analytics -->


<script>
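    // dynamic User by Hux
    // NOTE(review): these look like the theme author's own property and domain
    // (huangxuan.me is the "Theme by Hux" site linked in the footer), not this
    // blog's — every page view here is reported to a third party's analytics
    // account. Confirm, then substitute this site's own id or drop the snippet.
    var _gaId = 'UA-49627206-1';
    var _gaDomain = 'huangxuan.me';

    // Standard analytics.js bootstrap: queue ga() calls until the library
    // loads. The script URL is explicit https rather than protocol-relative so
    // the tracker is never fetched over plaintext when the page itself is http.
    (function (i, s, o, g, r, a, m) {
        i['GoogleAnalyticsObject'] = r;
        i[r] = i[r] || function () {
            (i[r].q = i[r].q || []).push(arguments);
        };
        i[r].l = 1 * new Date();
        a = s.createElement(o);
        m = s.getElementsByTagName(o)[0];
        a.async = 1;
        a.src = g;
        m.parentNode.insertBefore(a, m);
    })(window, document, 'script', 'https://www.google-analytics.com/analytics.js', 'ga');

    ga('create', _gaId, _gaDomain);
    ga('send', 'pageview');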
</script>




<!-- Baidu Tongji -->

<script>
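    // dynamic User by Hux
    var _baId = '4cc1f2d8f3067386cc5cdb626a202900';

    // Original Baidu Tongji snippet. The tracker URL is explicit https rather
    // than protocol-relative so it is never fetched over plaintext when the
    // page itself is served over http.
    var _hmt = _hmt || [];
    (function () {
      var hm = document.createElement("script");
      hm.src = "https://hm.baidu.com/hm.js?" + _baId;
      var s = document.getElementsByTagName("script")[0];
      s.parentNode.insertBefore(hm, s);
    })();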
</script>


<!-- Side Catalog -->

<script type="text/javascript">
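    /**
     * Build the side catalog: one <li class="<tag>_nav"> per heading found in
     * the post body, each linking to that heading's id.
     * Text and href are set through jQuery's .text()/.attr() instead of being
     * concatenated into an HTML string, so a heading whose text or id contains
     * <, & or quotes is inserted literally rather than parsed as markup.
     * @param {string} selector jQuery selector of the <ul> to fill
     * @returns {boolean} always true (kept for the existing caller)
     */
    function generateCatalog(selector) {
        var $target = $(selector);
        $('div.post-container').find('h1,h2,h3,h4,h5,h6').each(function () {
            var $heading = $(this);
            var tagName = $heading.prop('tagName').toLowerCase();
            var $link = $('<a></a>')
                .attr({ href: '#' + $heading.prop('id'), rel: 'nofollow' })
                .text($heading.text());
            $('<li></li>').addClass(tagName + '_nav').append($link).appendTo($target);
        });
        return true;
    }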

    generateCatalog(".catalog-body");

    // Fold/unfold the side catalog; preventDefault keeps the href="#" toggle
    // link from jumping to the top of the page.
    $(".catalog-toggle").click(function (e) {
        e.preventDefault();
        $('.side-catalog').toggleClass("fold");
    });

    /*
     * Doc: https://github.com/davist11/jQuery-One-Page-Nav
     * Fork by Hux to support padding
     */
    async("/myblog/js/jquery.nav.js", function () {
        var navOptions = {
            currentClass: "active",
            changeHash: false,
            easing: "swing",
            filter: "",
            scrollSpeed: 700,
            scrollOffset: 0,
            scrollThreshold: 0.2,
            begin: null,
            end: null,
            scrollChange: null,
            padding: 80
        };
        $('.catalog-body').onePageNav(navOptions);
    });
</script>





<!-- Image to hack wechat -->
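<!-- Root-relative like the favicon and header background under /myblog/img/: the previous
     absolute http:// URL was passive mixed content on an https page and carried a doubled
     /myblog/ segment. alt="" marks the zero-size image as decorative. -->
<img src="/myblog/img/icon_wechat.png" alt="" width="0" height="0">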
<!-- Migrate from head to bottom, no longer block render and still work -->

</body>

</html>
